Configure Secondary DNS Server in Windows Server 2008

Install and configure DNS Server in Windows Server 2008, in this article we configured only a single DNS Server and applied a trick to cheat Domain Name authority which requires at least two name servers. In Install and configure DNS Server in Windows Server 2008 article we created two name server records both pointing to the same DNS Server but to different IP address configured on a single network adapter. As we know we need at least two name servers to provide DNS services to public domains. This requirement is to provide high availability DNS services for domains. If primary name server goes down DNS requests will be served by secondary name server. So here we go with the step by step instruction on how to configure secondary DNS server.

Primary DNS Nameserver

Do the following activity on the machine running DNS server which will act as Primary name server.

  • Install DNS Server role on Primary DNS Server as shown in Install DNS Server
  • Configure DNS Server Properties
  • Create the forward lookup zone
  • Configure the forward lookup zone with a few changes as listed below:
    • Name Servers: Add ns1.example.com >> 192.168.1.225 and secondary name server ns2.example.com >> 192.168.1.226 (IP address of the secondary DNS Server). Don’t worry if you receive “The server with this IP address is not authoritative for the required zone” see Snapshot 1.
    • Zone transfers: Make sure that “Allow zone transfers” is enabled and “Only to servers listed on the Name Servers” is selected.
    • Notify: Make sure that “Automatically notify” is enabled and “Servers listed on the Name Servers tab” is selected.
Error while adding secondary name server on Primary DNS Server
Snapshot 1 :: Error while adding secondary name server on Primary DNS Server

Secondary DNS Server

We need to carry out following activities on the DNS Server machine which will act as secondary name server.

Create Secondary Forward Lookup Zone

  • Launch DNS Manager by clicking Start > Administrative Tools > DNS or type dnsmgmt.msc in Run window (Press Windows Key + R) and press Enter.
  • Expand Server > Right click Forward Lookup Zones > New Zone which will launch New Zone wizard.
  • Click Next on Welcome to the New Zone wizard.
  • Select “Secondary zone” radio button and the click Next.
  • Enter zone name e.g. example.com and then click Next.
  • Enter IP Address of the Master DNS Server i.e. Primary DNS Server. In my case it is 192.168.1.225. Click Next.
Configure secondary DNS Server :: Enter IP Address of Master DNS Server
Snapshot 2 :: Enter IP Address of Master DNS Server
  • Click Finish to complete the New Zone creation wizard.

Let’s verify if it works!!!

Once we complete new secondary zone creation wizard within a few minutes entire zone should be transferred from Primary DNS Server to secondary DNS server. We can verify the zone from DNS Management console (dnsmgmt.msc) of Secondary DNS Server. If it doesn’t appear press F5 to refresh.

One more thing we should check is that when we make any changes with forward lookup zone on primary name server those changes should immediately appear in secondary forward lookup zone of secondary name server. This is because we have configured primary forward lookup zone to automatically notify all the name servers listed on name servers tab about the changes happening in primary forward lookup zone.

Register & Update Name servers at Domain Name Registrar

After setting up primary and secondary name servers now we need to register and update name servers at domain name registrar.

Related Posts

9 thoughts on “Configure Secondary DNS Server in Windows Server 2008

  1. That was the best explanation i could expect. If one more thing was added, it would be complete. gopalthorve  How do i copy numerous primary backup lookup zones to secondary Backup zones. Is there any easy way to do.

  2. Hi, 

    Thank you for the nice post. I’m facing one difficulty. Every time i create new domain from control panel, the zone transfer for that domain DNS is set to ” only to the following servers ” option.

  3. Please i need help im locked out of my computer and got the c:windows system32 but i can not change or fix the problem it say dns server not authoritive for zone…can you help

  4. ecasper 
    Thanks for connecting. Yes of course it also applies to Windows Server 2008 R2 Standard Edition (All editions of Windows Server 2008).

Leave a Reply

%d bloggers like this: